My Visit to SCO

The full story of what one person who signed SCO's NDA encountered on his trip to Lindon, Utah.

This essay describes my visit to SCO on
June 17, 2003, to discuss SCO's claim that Linux infringes on its
intellectual property rights. I visited the SCO office in Lindon,
Utah, for about one hour. I spoke with Chris Sontag, Senior Vice
President, Operating Systems Division, and with Blake Stowell,
Director of Public Relations. In order to speak with them, I signed
a non-disclosure agreement.

The short version of this essay is SCO's claims are unproven,
as I expected would be the case before I went. The amount of
information SCO was willing to show me was extremely limited, and
it did not by itself prove that SCO's claims were true nor that its
claims were false.

Background

I won't give the full background here, as it is well covered
elsewhere, such as on
Karsten
Self's page. The short version, as of June 17, 2003, is SCO
has sued IBM, alleging that IBM took work that was the intellectual
property of SCO and incorporated it into Linux (when I say "Linux"
in this essay, I mean specifically the Linux kernel, not a complete
distribution). SCO is the current owner of Unix, which originally
was developed by AT&T. SCO, which used to be named Caldera,
purchased the rights to Unix from a different company named SCO,
which has since changed its name to Tarantella. Along with Unix,
SCO purchased a number of contractual agreements, including one
with IBM. SCO is alleging that IBM has violated that
contract.

SCO also sent a letter to some 1,500 commercial users of
Linux distributions, warning them that Linux may be an unauthorized
derivative of code owned by SCO. That is, SCO alleges that Linux
actually to some extent is owned by SCO and may not be distributed
under the GPL. The letter further claims that users of Linux may
have legal liability because of this.

SCO said it would provide evidence that Linux is a derivative
of Unix to independent analysts. With the help of Don Marti, Editor
in Chief of Linux Journal, I contacted SCO and
offered to be one of those analysts. SCO agreed, subject to my
signing the NDA and traveling to its headquarters in Lindon,
Utah.

SCO's legal case is complicated by the fact that when SCO was
named Caldera it was itself a Linux distributor, and it may have
distributed, under the GPL, the code which it now claims to own. It
also complicated by allegations that SCO has incorporated Linux
code under the GPL into UnixWare. These issues may indeed cause
SCO's legal case to founder, but not in the way I would prefer it
to founder.

Why Did I Go?

I took the trouble to visit SCO because I care about what
happens to free software in general and Linux in particular. The
SCO claims have put a cloud over Linux. I have heard speculation
from business acquaintances that the free versions of Linux will be
shunned by corporate IT users, who will be unwilling to take the
legal risk of using it. I don't think that would be good for Linux
or for free software.

I remember the AT&T case against BSDI and the University
of California, which arguably stalled BSD development for a few
years. Indeed, it arguably was the root cause of Linux's
popularity, because Linux development was not stalled. SCO's case
against IBM is in some ways a reprisal of the AT&T case, and I
fear that it has a similar potential to stall Linux
development.

SCO was willing to speak only with people who signed a
Draconian non-disclosure agreement (NDA), one which essentially
permitted SCO to declare any information it provided to be
confidential, regardless of whether the signer already knew it, and
which offered no circumstances under which that information could
be revealed. Most Linux developers are unable to sign such an NDA,
as it easily could prevent them from ever again working on the
kernel. Similarly, employees of any company that works with Linux
cannot sign such an NDA.

I have never contributed to the Linux kernel myself. However,
I have worked with free software for over 10 years, including
acting as a maintainer for projects owned by the Free Software
Foundation. I have plenty of personal knowledge of how free
software development works. I currently am not employed by anybody,
but simply working as a contractor on work not related to
Linux.

Thus, I felt going in that I was in a good position to sign
the NDA and to analyze the information that SCO presented to me.
While SCO easily could have made it impossible for me to contribute
to the Linux kernel, it had no reason to do so. In any case, I had
no particular plans to do any kernel work.

Before going to meet SCO, I asked three times if it would be
willing to change the NDA. I suggested that SCO should change the
NDA to permit the disclosure of information when legally required
by a court and to permit the disclosure of information when SCO
specifically agrees to it. I also suggested the NDA should be
changed so that information I already knew before meeting could not
be treated confidential. The only response I received was SCO
forwarded my suggestions to its counsel.

Comments

Comment viewing options

Hi Ian,
Perhaps you can help explain a paradox to me. SCO/Caldera permitted inclusion of it's Unix source (including the "Ancient Unix", OpenServer and UnixWare sources which comprise to the best of my understanding the totality of their Unix operating system intellectual property) into open source (which would be Linux) on November 18, 2000. I'm wondering why it's a big deal now to SCO years later to discover their Unix code in Linux. The basis for my statement is as follows:

On November 18, 2000 SCO/Caldera published a FAQ on their webpage (see link note 1 below) which explained the free license they offered to users who downloaded the "Ancient Unix" source and binaries. The FAQ expressed the following in response to a sample question which read "What can I do with this free license and media kit?" the response was "It can also be used for open source development and speculative development (Product development done before a product is shipped)" (emphasis added) further along in answer to another question regarding alternate Unix source the FAQ indicates "you can use the OpenServer or UnixWare source without buying the media kit getting a copy from a coworker to use in conjunction with your free license" (emphasis added). The second question/answer extends the license (which permits inclusion of SCO Ancient Unix source into open source) to OpenServer and UnixWare. This the interpretation of the license offered by SCO on it's own web page.

It occurs to me SCO indicated it's intent on the FAQ while explaining the license that the purpose was to permit use of the SCO Unix sources for open source development (of which Linux is an example). While there ARE restrictions on who and how source may be migrated from SCO Unix source to open source according to the FAQ (that is it must not be for sale, not for your company, etc) the obstacles are clearly not insurmountable and are likely trivial for the majority of Linux contributors/authors.

Today you can still download the "Ancient Unix" source at mirrors (see note 2), even accept the license per the FAQ at an authorized SCO mirror.

How can SCO/Caldera permit in it's license and website FAQ use of it's Unix sources for open source development then claim discovery of it's Unix source in Linux is an infringement actionable against the Linux community/users generally? I can understand if there are contractual issues between SCO and IBM, but not any issue regarding presence of SCO Unix source in Linux.

I'm wondering how any inclusion of parts of SCO Unix source into Linux by IBM can harm SCO when they've made it available to most of the world to be used for open source development for free? Thanks for taking the time to read this and please pardon me if my logic is off as I'm not an attorney. The only way this makes any sense is the constant mentioning of IBM's handling of source, and comments about derivative rights, this as SCO appears to have tossed it's own code & rights into the open.

Do you all know that the archive.org site will delete all history of one site if asked to do so by the company ... CAn some one keep a copy. If it is usefull or not we will see but at least SCO can not 'alter' the past.

Also another puzzling question is how much Linux code is in any of SCO's UNIX which we will never be shown. Or to ask the other way, how can the Open Source Comunity make sure (and use it in cases like this) that a closed source does not have any GPL'ed code in it ? If we could proove that SCO itself is violating contracts how can a judge make a ruling in SCO's favour and on the other hand disregard the Open Source's rights ?

I'm not familiar with this, and I don't have a solid answer to this question.

However, when I look at the FAQ, I do see this: You may not use it in your business or to support commercial or profit-making activities. It's true that that appears in the same answer which permits open source usage. But the combination of the two implies that SCO is not using the usual definition of open source, but something more like the Microsoft definition. Code released under the GPL does not meet the restriction in the FAQ, since GPL code may be used to support commercial activities.

Hi,
Yes YOU MAY NOT USE IT for this or that, however YOU may include it into open source... the out is the author who bridges doesn't use it for commercial purpose... as long as the author isn't, then it appears to comply with the SCO license. What others do does NOT appear covered by the FAQ/license. I believe this is the method of bridging any SCO source Unix source into open source. They limit only what the author writing to open source does, NOT what the open source license is.

*I* think "you can use this for open source development" means "you can (eg) port Perl5 to run on v7... if for some reason you were maso enough to want to do that". I don't think they mean "use code from this (ancient Unix) in some other thing" at all.

This is a reply to the post which indicated - "No, I think everyone's misunderstood the intent of their language"

I don't believe there is a misunderstanding, if there is ambiguity it's usually the grantor who suffers. It was up to SCO to properly indicate what it meant... available to open source development when put out by an open source (Linux) developer has a pretty clear meaning to me :-) These are not kids, they are Unix and Linux developers. What Linux developer doesn't understand the meaning of making source available to "open source development" ??

I am not Ian, but this might help anyway: what they released to the public is old Unix code, iirc up to V7, PWB, and v32. afaik they haven't released any SysV (or even SysIV) code, and their complaint is about SysV code, which might be quite different from the code they released

Hi,
Read the link to the FAQ, I quoted it (whatever is in "" in my post is directly quoted from SCO/Caldera). They include BOTH their current products under the license according to the FAQ. The current SCO products are SysV code... I believe this has been lost on the community generally... READ THE SCO FAQ PLEASE :-)

I'm Not a Lawyer
OK, that being said... We might be dancing on the head of the distinction between "trade secret" and "copyright". From my very limited understanding of the law, Trade Secret is stronger, but requires more safeguards. I think that it would be nearly impossible to assert Trade Secret on the ATT Unix code, considering that they gave it away for nearly peanuts.

So that leaves Copyright, and the key issue is how much can you change something, where the sum of the changes produce a new work...

I think that it would be nearly impossible to assert Trade Secret on the ATT Unix code, considering that they gave it away for nearly peanuts.

That's because you still haven't understood exactly how precarious their house of cards is. They aren't claiming that IBM has divulged SCO's code, so they don't need to claim that SCO's code is a trade secret.

What they are claiming is that :

1. The contract between IBM and AT&T requires IBM to keep secret the code of any derivatives of Sys V.

2. AIX is licensed to use the Sys V code and is thus derivative of Sys V.

3. IBM has added to Linux code that has been used in AIX. Since AIX is derivative of Sys V, IBM are contractually required to keep this code secret even though it contains no Sys V code.

Part 3 is where the whole thing tumbles down, of course, any code separated out from AIX that doesn't include or rely on Sys V code is not derivative of Sys V in any way. It's verbal trickery that makes it seem as though it could be.

But anyway, that's what they're claimning. The trade secret is not over SCO's code but over IBM's.

Hmmm, I went back to my copy of the essay to reconsider my use of the word flounder only to discover that I didn't use that word. I did use founder. So either Linux Journal changed it from my copy, and then (since it's currently founder) changed it back, or you misread it.

Just wanted to touch on the derivative works section. If this is true wouldn't it be a good argument that if the court accepts SCOs definition, then the whole case would be a moot point. Because UNIX would then be considered, under the definition, a derivative of the platform it was developed on. Which I believe but can't validate VMS. Then VMS was developed on an IBM system.

So UNIX, by The SCO Group's own definition, belongs to whoever wrote that PDP-7's OS, probably DEC/Digital, later eaten by Compaq, later eaten by Hewlett Packard. Mmmm. What would happen to The SCO Group if it turned out that by their own reasoning, Hewlett Packard were the rightful owners of UNIX and all derivatives? (-:

The key to SCO's case against IBM appears to be an expansive notion of derivative works.
But this is just the part of SCO's argument that doesn't make any sense. IBM's original license from AT&T contains an amendment to the effect that any derivative works developed by IBM belong to IBM. This is a direct quote from the letter of amendment (Exhibit C in SCO's complaint filed with the court):
Regarding Section 2.01, we [AT&T] agree that modifications and derivative works prepared by or for you [IBM] are owned by you.

The later agreement between IBM, SCO, and Novell specifies that, after a one-time payment from IBM to SCO, IBM has a fully paid-up, permanent, and irrevocable license.
Here's my take on what's going on here. I had a look at SCO's 10-Q filing with the SEC. It seems they are being sued over alleged securities fraud in connection with their IPO. I also noted from the Form 4 filings (insider transactions) that several of the senior people have been selling the stock in the last couple of months. I think this "litigation by press release" is all about trying to pump up the stock so the rats can get off the sinking ship.

It appears to me that under the definition of intellectual property being proposed here by SCO, that the music catalogs of The White Stripes, The Ramones, REM, The Beach Boys, The Beatles and countless others are all tainted, as they're all derivative of Chuck Berry and Little Richard.

Music does not happen in a vac*****. A musician hears things, they inspire him, and he writes about his inspiration. If somebody attempted to copyright the C-to-G chord change, he'd initially be laughed at by most, but if he succeded in getting his case to court, and had a good enough lawyer to win the case, writing new music would become a difficult task indeed.

The case with technology is similar. Everything is based on something that came before, so in that sense everything is derivative. Success for SCO in this case could have the effect (intended or not) of stifling software development for decades to come. Bringing this issue to court, where people understand law well, but technology poorly, is essentially shooting craps with the future of software development.

This shouldn't surprise us too much, however. This same cast of characters (or a very similar one) has been hanging around courtrooms and law offices for much of the past two decades, trying to maximize the amount of money they can make from work that they took no real part in. S hame C ome O ver all of them!

I should, perhaps, make clear that I don't think that JFS is a derivative work of Unix. I think that if the case gets to court, the court will agree that JFS is not a derivative work. But since courts are unpredictable, I wouldn't put money on it.

I will note that JFS, which is integrated into the Unix kernel, is not the same as clean.sh, which merely uses the Unix API.

If any of the code in question conceptually or otherwise had been released into the public domain, no such secrets exist.

SCO will have to prove that the code in question was part of their agreement, that it was not part of any of their linux GPL code, and that it was not derivative of any other source than the code that they owned.

If they released any of this code in their version of linux, they will be extremely hard pressed to win ANY damages.

Unrelated to your comment, but relating to the subject of Derivative Works:

Just my opinion, but the whole argument on derivative works, copy rights, and intelecual property seems pretty scary to me. Looking at the big picture, almost everything is derived from something else. From the essay posted, SCO is being so general on what they call derivative works, that anything related to UNIX could arguibly be a derivative work. Even if I was to sit down right now, without looking at any other source, and code a whole OS that's UNIX like, SCO could say I based my entier OS on the UNIX concept and therefore owe a royalty.

I know that's extream, but there's other issues with what SCO wants to call a "derivate works". Say you had a classroom assignment to create an algorythm to perform a certain task. Without any copying from other classmates, I'm willing to bet that there would only be a few "unique" methods of code. Without seeing what each other was doing, most classmates would pretty much write the same code. So two classmates given the same project come up with near identical solutions. Did that copy? No, it was just coniencidental. You would know that, and I would know that, but give it to a sleezy lawer in front of a stupid judge and the law will probably say something different.

In the example given, I think the chances of writing near identical code for 80 or so lines is pretty coincidental. Using the same varible names? That doesn't surprize me. If the varible defines the same object, it's not uncommon for two coders to choose similar names. It's scary to think how this will play out in court.

Actually, any claim by SCO must be limited to actual copies of source code from their version of UNIX. SCO does not own UNIX or the right to create derivative works from UNIX.
Derivative works, not originating from the System V source code are derivatives of the Single Unix Specification which is, I believe, owned by the OSF. One could also argue that by its actions at the time of the sale of the source coe, ATT/USL specifically excluded from the transfer the control over derivative works which is normally a part of copyright.
This is of no help to IBM, which apparently has a specific contract regarding any derivative works it has created. The extent and validity of this contract may be tested in this case, but its outcome will not necessarily impact on the developers of Linux.
As far as the ATT/USL copyright(s) are concerned, I believe that the court did deal with that issue in the Berkley / ATT case. In one of its rulings, the court held that ATT had probably not met the requirements for copyright protection which were in force at the time of the original sale of the UNIX products (before 1989). Esentially, ATT published the work without copyright notice and without registration of copyright:

" The copyright laws in effect prior to 1989 do not allow such expansive protection against the consequences of noticeless publication. As quoted above, publication includes distributing copies by "renting, leasing, or lending." 17 U.S.C. 101. Under Plaintiff's construction of the doctrine of limited publication, "renting, leasing, or lending" would not constitute publication whenever the owner of the copyright screened out irresponsible customers. It seems unlikely that Congress drafted this section with this purpose in mind.
Consequently, I find that Plaintiff has failed to demonstrate a likelihood that it can successfully defend its copyright in 32V. Plaintiff's claims of copyright violations are not a basis for injunctive relief."

I believe that the version cited ("32V") is the 32-bit System V code.

This makes it likely that it will be very difficult for SCO to undertake copyright enforcement on that portion of the code. This would not cover all of the System V code, but would certainly extend to prior versions and probably to the bulk of the System V code as well.
The documents from the Berkley / ATT case are availavble at:http://cm.bell-labs.com/cm/cs/who/dmr/bsdi/
and do make interesting reading.

I think Sir Isaac Newton said it best "If I see further, it is because I stand on the shoulders of giants"
Everything in human accomplishment is a derivitive work if you take SCO's view of things, of course that invalidates their claim because then even UNIX must be a derivitive of previous work in computer science.

SCO did not permit me to type the code, but I was told the Linux file name, and I have a good memory for such things in any case.

I think your later comment should have been qualified, at least.

I admit that SCO's example unsettled me by what it implies. Although in itself trivial, it does suggest that some Linux contributors may have been careless about copyright infringement. That is unfortunate.

Given that you know the name of the file, and the history of that file is of public record, you should have been able to identify the author of that code. This comment should have been specifically pointed to that author (not necessarily by name or any identifying characteristic) -- at least to the extant that you made an effort to know who that author is.

My read of the NDA (but I may be wrong in my interpretation of it) seemed to suggetst that SCO representatives would meet with NDA signers to show them proof of UNIX code having been copied int Linux. You say that you saw no such proof.
Now even if the NDA is valid (because you signed it) wouldn't it be inapplicable to the meeting referred to in the article since the meeting in which SCO would show the proof, hasn't taken place yet?

The software industry today survives only through an unstated agreement not to stir things up too much. We must hope this lawsuit isn't the big stirring spoon.

Chilling thought, isn't it?

But maybe the real way to fight and play this situation is to stirr the pattent issue up as much as possible? US Congress is very sensitive to the needs of the software industry (especially with players like Microsoft constantly in their ears). If the pattent issue starts to become a thread to the economy, it might just make Microsoft and others lobby in favor of resolving this mess! Imagine that - Microsoft and open source folk having the same interests!

As far as how to do this practically, one thing that comes to mind is to dig though the pattent office database (publicly accessible) and find pattents that are likely to be currently violated by large players, and then publish this information. Once a good compilation of material exists, the topic might even cause mainstream media to become interested. Especially financial media (Forbes, CNBC, etc.). I find that these folks can quickly become very interested in the most obscure topics when those topics might have impact on the bottom line of publically traded (larger cap) companies.

Microsoft and IBM will not be allies in this. Who supports and does not support software patents relies heavily on the question of how large their current patent portfolio is. Software patents don't serve as an incentive for innovation in software (which exists both within, but largely outside a manufacturing context), but as a form of government protectionism for incumbent "software manufacturing" companies.

As much as IBM appears to be on our side with their support of Linux, they were in fact the most visible company pushing for royalty-bearing patents in W3C standards. IBM and software patents are in fact a far larger threat to the Free Software/Linux community than Microsoft is.

I am currently working on A Review Of Software Patent Issues for Industry Canada. This may make for an interesting read. I am also looking for feedback which will also be delivered to the client.

Bad idea. Microsoft is the biggest single force pushing FOR software patents. If the current EU software patent directive gets passed it will lead to a massive flood of EU software patents, and the way it is worded Microsoft (and any other closed source company) can abuse the patents for an absoloute interoperability lockout against all competitors, opensource in particular.

If you've heard of this directive before, it's quite possible you've heard it described as outlawing or limiting software patents. It's a major snowjob. The "limitations" it intruduces have exactly the OPPOSITE effect as professed. A hidden author field inside the document proves that it was actually written by the BSA.

Trending Topics

Webinar: 8 Signs You’re Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
11am CDT, April 29th

Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.